CN114285589A - Method, terminal and system for actively guiding attack flow and disguising response - Google Patents
Method, terminal and system for actively guiding attack flow and disguising response Download PDFInfo
- Publication number
- CN114285589A CN114285589A CN202110006985.9A CN202110006985A CN114285589A CN 114285589 A CN114285589 A CN 114285589A CN 202110006985 A CN202110006985 A CN 202110006985A CN 114285589 A CN114285589 A CN 114285589A
- Authority
- CN
- China
- Prior art keywords
- address
- data packet
- response
- module
- access data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a disguised response terminal, which includes: the system comprises a first data receiving module, a first IP address modifying module, a second IP address modifying module and a first data sending module; a receive return module; and an active drainage attack traffic terminal, the active drainage attack traffic terminal comprising: the system comprises a fourth data receiving module, an IP address mapping module, an IP address matching module, a fourth IP address modifying module and a third data sending module; and a corresponding system for actively draining the attack flow and performing disguised response, a method for disguising response and a method for actively draining the attack flow. Through the design, the invention can solve the problem that the current network deception equipment is relatively passive in a deception mode and cannot play a role in deception guidance.
Description
Technical Field
The invention relates to the technical field of computer security, in particular to a method, a terminal and a system for actively guiding attack flow and disguising response.
Background
As network applications go deep into people's lives and works, network attacks are also in endlessly, and especially in some important network nodes, such as large enterprise units, government agencies, operators and the like, a great deal of network attack threats are faced all the time. In order to deal with the increasingly serious network security problem, a network cheating device which is also called a honeypot and is used for inducing an attacker to invade and catching the attack behavior appears in the market. The traditional network deception equipment is mapped to the Internet through a disguised service system and cheats an attacker to access, but the deception mode is passive, and if the attacker directly accesses a real service system and does not access the disguised service system, the network deception equipment does not have any safety alarm and cannot play a role in deception guidance.
Disclosure of Invention
The embodiment of the invention aims to provide a method, a terminal and a system for actively draining attack flow and disguising response, and solves the problem that the current network deception equipment is relatively passive in a deception mode and cannot play a role in deception guidance.
In order to achieve the above object, an embodiment of the present invention provides a disguised response terminal, which includes:
the first data receiving module is used for receiving an access data packet of an attacker;
the first IP address modification module is used for modifying the source IP address of the attacker in the access data packet into a preset IP address;
the second IP address modification module is used for modifying the target IP address in the access data packet into a disguised service host IP address;
a first data transmission module; the access data packet is used for sending out the modified access data packet;
and the receiving and returning module is used for receiving the modified access data packet and returning a response data packet containing a response result.
Optionally, the receiving and returning module includes:
a data receiving unit, configured to receive the modified access data packet;
and the response returning unit is used for returning the response data packet.
Optionally, the disguised response terminal further includes:
a third data receiving module, configured to receive the response data packet;
a third IP address modification module, configured to modify the disguised service host IP address in the response packet into a real service host IP address;
a second data transmission module; and the third IP address modification module is used for sending out the IP address of the disguised service host modified by the third IP address modification module.
In order to achieve the above object, an embodiment of the present invention further provides an active drainage attack traffic terminal, where the active drainage attack traffic terminal includes:
the fourth data receiving module is used for receiving the access data packet sent by the attacker;
the IP address mapping module is used for mapping the target IP address in the access data packet into a real service host IP address;
the IP address matching module is used for matching the source IP address with the IP address of the attacker in the access data packet to form the source IP address of the attacker;
a fourth IP address modification module, configured to modify a next hop routing address in the access data packet to a preset IP address;
and the third data sending module is used for sending the access data packet modified by the fourth IP address modifying module to the equipment corresponding to the preset IP address.
Optionally, the active drainage attack traffic terminal further includes:
the response data acquisition module is used for receiving a response data packet;
a public network IP mapping module used for mapping the real service host intranet IP in the response data packet into a public network IP address;
and the response data sending module is used for sending the response data packet mapped by the public network IP mapping module.
Optionally, the active traffic steering attack terminal is a router.
Optionally, the active drainage attack traffic terminal is a network firewall.
In order to achieve the above object, an embodiment of the present invention further provides a method for actively draining attack traffic, where the method for actively draining attack traffic includes:
receiving an access data packet sent by an attacker;
mapping the target IP address in the access data packet into a real service host IP address;
matching the source IP address with the IP address of the attacker in the access data packet to form the source IP address of the attacker;
modifying the next hop routing address in the access data packet into a preset IP address;
sending the modified access data packet to equipment corresponding to the preset IP address;
receiving a response packet;
mapping the real service host intranet IP in the response data packet into a public network IP address;
and sending the response data packet mapped by the public network IP mapping module.
In order to achieve the above object, an embodiment of the present invention further provides a method for disguising a response, where the method for disguising a response includes:
receiving an access data packet of an attacker;
modifying the source IP address of the attacker in the access data packet into a preset IP address;
modifying the target IP address in the access data packet into a disguised service host IP address;
sending out the modified access data packet;
receiving the modified access data packet and returning a response data packet containing a response result;
receiving the response data packet;
modifying the IP address of the disguised service host in the response data packet into the IP address of the real service host;
and sending out the modified IP address of the disguised service host.
In order to achieve the above object, an embodiment of the present invention further provides a system for actively draining attack traffic and performing a masquerading response, where the system for actively draining attack traffic and performing a masquerading response includes:
the disguised response terminal is described above, and the active drainage attack traffic terminal is described above.
One of the above technical solutions has the following advantages or beneficial effects:
in the embodiment of the present invention, the disguised response terminal includes: the first data receiving module is used for receiving an access data packet of an attacker; the first IP address modification module is used for modifying the source IP address of the attacker in the access data packet into a preset IP address; the second IP address modification module is used for modifying the target IP address in the access data packet into a disguised service host IP address; a first data transmission module; the access data packet is used for sending out the modified access data packet; a receiving and returning module for receiving the modified access data packet and returning a response data packet containing a response result; the active drainage attack traffic terminal comprises a fourth data receiving module and a second data receiving module, wherein the fourth data receiving module is used for receiving an access data packet sent by an attacker; the IP address mapping module is used for mapping the target IP address in the access data packet into a real service host IP address; the IP address matching module is used for matching the source IP address with the IP address of the attacker in the access data packet to form the source IP address of the attacker; a fourth IP address modification module, configured to modify a next hop routing address in the access data packet to a preset IP address; the third data sending module is used for sending the access data packet modified by the fourth IP address modifying module to the equipment corresponding to the preset IP address; the method solves the problem that the current network deception equipment is relatively passive in a deception mode and cannot play a role in deception guidance.
Drawings
Fig. 1 is a block diagram of a disguised response terminal according to an embodiment of the present invention;
fig. 2 is another structural block diagram of a disguised response terminal according to an embodiment of the present invention;
fig. 3 is a block diagram of a structure of an active flow guiding attack flow terminal according to an embodiment of the present invention;
fig. 4 is another structural block diagram of an active traffic guiding attack terminal according to an embodiment of the present invention;
fig. 5 is a schematic flowchart of a method for actively draining attack traffic according to an embodiment of the present invention;
fig. 6 is a schematic flowchart of a method for disguising a response end according to an embodiment of the present invention;
fig. 7 is a schematic diagram illustrating an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
For convenience of understanding and explanation, in the following embodiments, the masquerading response terminal 100 is exemplified as a spoofing device to be explained in conjunction with a specific embodiment, and the active diversion attack 200 traffic terminal is exemplified as a border network device to be explained in conjunction with a specific embodiment, which should not be construed as a limitation to itself.
As shown in fig. 1, an embodiment of the present invention provides a disguised response terminal 100, where the disguised response terminal 100 includes:
the first data receiving module 110 is configured to receive an access data packet of an attacker.
In a specific embodiment, the first data receiving module 110 in the spoofing device executes the step S110 in the method for spoofing a response shown in fig. 6 to receive an access data packet of an attacker.
A first IP address modifying module 120, configured to modify the source IP address of the attacker in the access data packet to a preset IP address.
In a specific embodiment, after the attacker completes receiving the access data packet, the first IP address modification module 120 in the network spoofing device executes the step of S120 in the method for spoofing a response shown in fig. 6, and modifies the source IP address of the attacker in the access data packet to a preset IP address.
Wherein, the preset IP address can be understood as the IP address of the network spoofing device.
A second IP address modifying module 130, configured to modify the target IP address in the access packet into a masquerading service host IP address.
In a specific embodiment, the second IP address modification module 130 in the network spoofing device executes the step S130 in the method for spoofing response shown in fig. 6, and modifies the destination IP address in the access packet to the spoofed service host IP address.
A first data transmission module 140; for sending out the modified access data packet.
In a specific embodiment, the first data sending module 140 in the spoofing device executes the step S140 in the method for spoofing a response shown in fig. 6, and sends out the modified access data packet.
The object of the first data sending module 140 information sending includes a masquerading service host.
A receiving and returning module 150, configured to receive the modified access data packet, and return a response data packet containing a response result.
In a specific embodiment, the receiving and returning module 150 in the network spoofing device executes the step of S150 in the method for spoofing response shown in fig. 6, where the receiving and returning module 150 may be understood as the above-mentioned spoofing service host, and after receiving the access data packet, the spoofing service host returns a response result and sends a response data packet back to the network spoofing device.
Further, as shown in fig. 2, the reception return module 150 includes:
a data receiving unit, configured to receive the modified access data packet;
and the response returning unit is used for returning the response data packet.
In an embodiment, the data receiving unit in the receiving and returning module 150 may execute the access data packet sent by the first data sending module 140 in step S150 in the method of disguising response shown in fig. 6; the response returning unit in the receiving returning module 150 will perform the method of masquerading the response, in which the response data packet is sent back, i.e. sent back to the spoofing device in step S150.
Further, as shown in fig. 2, the disguised response terminal 100 further includes:
a third data receiving module 160, configured to receive the response packet.
In a specific embodiment, the third data receiving module 160 in the spoofing device executes the step S160 in the method for spoofing a response shown in fig. 6, and receives a response packet from the spoofing service host.
And a third IP address modification module 170, configured to modify the masquerading service host IP address in the response packet into a real service host IP address.
In a specific embodiment, the third IP address modification module 170 in the spoofing device executes the step of S170 in the method for spoofing response shown in fig. 6, and after the spoofing device receives the response packet of the spoofing service host, modifies the source IP address (i.e., the IP address of the spoofing service host) in the response packet to the IP address of the real service host.
A second data transmission module 180; for sending out the modified IP address of the masquerading service host by the third IP address modification module 170.
In a specific embodiment, the second data sending module 180 in the network spoofing device executes the step of S180 in the method for spoofing response shown in fig. 6, and sends out the spoofing service host IP address modified by the third IP address modifying module 170.
Wherein, the data transmission object of the second data transmission module 180 includes a central router.
In summary, when the spoofing device forwards the spoofing service host response packet to the network device boundary device, the source IP address is the IP of the spoofing service host, the spoofing device modifies the source IP to the real service host IP, and the target IP remains unchanged (attacker IP). Through the active drainage of the network boundary equipment and the disguised response of the network deception equipment, the source and destination IP addresses of the access of the attack flow and the response can be symmetrical, and the whole network access session is kept complete.
An embodiment of the present invention further provides an active drainage attack 200 flow terminal, as shown in fig. 3, the active drainage attack 200 flow terminal includes:
and a fourth data receiving module 210, configured to receive the access data packet sent by the attacker.
Specifically, in the embodiment, the fourth data receiving module 210 in the border network device executes the step S210 in the method for actively draining the flow of the attack 200 shown in fig. 5, and receives the access data packet sent by the attacker.
An IP address mapping module 220, configured to map the target IP address in the access data packet to a real service host IP address.
Specifically, in the embodiment, the IP address mapping module 220 in the border network device executes the step S220 in the method for actively steering the flow of the attack 200 shown in fig. 5, and maps the target IP address to the real service host IP address.
And the IP address matching module 230 is configured to match the source IP address to the IP address of the attacker in the access data packet, so as to form the source IP address of the attacker.
Specifically, in the embodiment, the IP address matching module 230 in the border network device executes the step S230 in the method for actively steering the flow of the attack 200 shown in fig. 5, and matches the source IP address to the IP address of the attacker in the access data packet through policy routing to form the source IP address of the attacker.
A fourth IP address modifying module 240, configured to modify the next-hop routing address in the access data packet into a preset IP address.
In a specific embodiment, the fourth IP address modification module 240 in the border network device executes the step S240 in the method for actively steering the flow of the attack 200 shown in fig. 5, and modifies the next-hop routing address in the access data packet to be a preset IP address, where the preset IP address includes an IP address of the spoofing device.
A third data sending module 250, configured to send the access data packet modified by the fourth IP address modifying module 240 to a device corresponding to the preset IP address.
In an embodiment, in the method for actively steering the flow of the attack 200 shown in fig. 5, the third data sending module 250 in the border network device executes the step S250, and forwards the access data packet of the attacker host to the device corresponding to the preset IP address, where the device corresponding to the preset IP address may be understood as the above network spoofing device.
Further, as shown in fig. 4, the active drainage attack 200 traffic terminal further includes:
and a response data obtaining module 260 for receiving the response data packet.
In an embodiment, the response data obtaining module 260 in the border network device may execute the step S260 in the method for actively draining the attack 200 traffic shown in fig. 5, and receive a response packet, where the response packet may be understood as coming from the spoofing device.
And a public network IP mapping module 270, configured to map the real service host intranet IP in the response data packet into a public network IP address.
In a specific embodiment, the public network IP mapping module 270 in the border network device executes the step S270 in the method for actively steering the flow of the attack 200 shown in fig. 5, and after receiving the response packet of the spoofing device, remaps the IP address of the real service host in the response packet to the public network IP address.
A response data sending module 280, configured to send the response data packet mapped by the public network IP mapping module 270.
In a specific embodiment, the response data sending module 280 in the border network device executes the step S280 in the method for actively steering the flow of the attack 200 shown in fig. 5, and sends out the response data packet mapped by the public network IP mapping module 270, where the sent object may be understood as the host of the attacker.
In summary, after receiving a data packet of the actual service host accessed by the attacker host, the network border device modifies the next-hop routing address into the network spoofing device IP while keeping the source IP and the target IP in the accessed data packet unchanged (i.e., the source IP is the attacker IP and the target IP is the actual service host IP), thereby implementing forced forwarding of the accessed data packet to the network spoofing device.
Further, the active drainage attack 200 traffic terminal is a router.
Further, the active drainage attack 200 flow terminal is a network firewall.
In particular embodiments, the border network device may include one or more of a router or a network firewall.
The embodiment of the invention also provides a system for actively draining 200 flows of attacks and carrying out disguised response, wherein the system for actively draining 200 flows of attacks and carrying out disguised response comprises:
a masquerading responder terminal 100 as described above, and an active draining attack 200 traffic terminal as described above.
The system for actively draining attack 200 traffic and performing a masquerading response is further described below with reference to fig. 7 and the embodiment.
When an attacker host (IP: 1.1.1.1) directly accesses a real service host (public network mapping IP: 2.2.2), after an active drainage attack 200 flow terminal receives an access data packet, a target IP address is mapped into a real service host intranet IP address (IP: 10.0.0.2); and then matching the source IP address as an IP address (IP: 1.1.1.1) of the attacker host through policy routing, actively guiding the flow terminal of the attack 200 to modify the next hop routing address in the access data packet as an IP address (IP: 10.0.0.4) of the disguised response terminal 100, and forwarding the access data packet of the attacker host to the disguised response terminal 100.
After receiving the access data packet of the attacker, the masquerading response terminal 100 modifies the source IP address (IP: 1.1.1.1) of the attacker in the access data packet to be the IP address (IP: 10.0.0.4) of the masquerading response terminal 100, and modifies the target IP address (IP: 10.0.0.2) in the access data packet to be the IP address (IP: 10.0.0.3) of the masquerading service host, that is, modifies the data packet of '1.1.1.1- > 10.0.0.2' to be: and 10.0.0.4- > 10.0.0.3', and finally sending the modified access data packet to the masquerading service host.
The disguise service host returns a response result after receiving the access data packet, and sends the response data packet back to the disguise response terminal 100 (IP: 10.0.0.4), after the disguise response terminal 100 receives the response data packet of the disguise service host, the source IP address in the response data packet, namely the disguise service host (IP: 10.0.0.3), is modified into the IP address (IP: 10.0.0.2) of the real service host, and is sent to the network boundary device, after the network boundary device receives the response data packet of the disguise response terminal 100, the IP address (IP: 10.0.0.2) of the real service host in the response data packet is remapped to the public network IP address (IP: 2.2.2.2), and finally the response data packet is forwarded to the attack host by routing.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A disguised response terminal, comprising:
the first data receiving module is used for receiving an access data packet of an attacker;
the first IP address modification module is used for modifying the source IP address of the attacker in the access data packet into a preset IP address;
the second IP address modification module is used for modifying the target IP address in the access data packet into a disguised service host IP address;
a first data transmission module; the access data packet is used for sending out the modified access data packet;
and the receiving and returning module is used for receiving the modified access data packet and returning a response data packet containing a response result.
2. The disguised response terminal as claimed in claim 1, wherein the reception return module comprises:
a data receiving unit, configured to receive the modified access data packet;
and the response returning unit is used for returning the response data packet.
3. The disguised response terminal as claimed in claim 1 or 2, further comprising:
a third data receiving module, configured to receive the response data packet;
a third IP address modification module, configured to modify the disguised service host IP address in the response packet into a real service host IP address;
a second data transmission module; and the third IP address modification module is used for sending out the IP address of the disguised service host modified by the third IP address modification module.
4. An active drainage attack traffic terminal, comprising:
the fourth data receiving module is used for receiving the access data packet sent by the attacker;
the IP address mapping module is used for mapping the target IP address in the access data packet into a real service host IP address;
the IP address matching module is used for matching the source IP address with the IP address of the attacker in the access data packet to form the source IP address of the attacker;
a fourth IP address modification module, configured to modify a next hop routing address in the access data packet to a preset IP address;
and the third data sending module is used for sending the access data packet modified by the fourth IP address modifying module to the equipment corresponding to the preset IP address.
5. The active drainage attack traffic terminal of claim 4, further comprising:
the response data acquisition module is used for receiving a response data packet;
a public network IP mapping module used for mapping the real service host intranet IP in the response data packet into a public network IP address;
and the response data sending module is used for sending the response data packet mapped by the public network IP mapping module.
6. The active traffic steering attack terminal according to claim 4 or 5, wherein the active traffic steering attack terminal is a router.
7. The active drainage attack traffic terminal of claim 4 or 5, wherein the active drainage attack traffic terminal is a network firewall.
8. A method of actively draining attack traffic, comprising:
receiving an access data packet sent by an attacker;
mapping the target IP address in the access data packet into a real service host IP address;
matching the source IP address with the IP address of the attacker in the access data packet to form the source IP address of the attacker;
modifying the next hop routing address in the access data packet into a preset IP address;
sending the modified access data packet to equipment corresponding to the preset IP address;
receiving a response packet;
mapping the real service host intranet IP in the response data packet into a public network IP address;
and sending the response data packet mapped by the public network IP mapping module.
9. A method of disguising a response, comprising:
receiving an access data packet of an attacker;
modifying the source IP address of the attacker in the access data packet into a preset IP address;
modifying the target IP address in the access data packet into a disguised service host IP address;
sending out the modified access data packet;
receiving the modified access data packet and returning a response data packet containing a response result;
receiving the response data packet;
modifying the IP address of the disguised service host in the response data packet into the IP address of the real service host;
and sending out the modified IP address of the disguised service host.
10. A system for actively draining attack traffic and performing disguised responses, comprising:
a disguised response terminal according to any one of claims 1 to 3 and an active drain attack traffic terminal according to any one of claims 4 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110006985.9A CN114285589A (en) | 2021-01-05 | 2021-01-05 | Method, terminal and system for actively guiding attack flow and disguising response |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110006985.9A CN114285589A (en) | 2021-01-05 | 2021-01-05 | Method, terminal and system for actively guiding attack flow and disguising response |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114285589A true CN114285589A (en) | 2022-04-05 |
Family
ID=80868177
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110006985.9A Pending CN114285589A (en) | 2021-01-05 | 2021-01-05 | Method, terminal and system for actively guiding attack flow and disguising response |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114285589A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115499241A (en) * | 2022-10-11 | 2022-12-20 | 中电云数智科技有限公司 | Method and system for draining fluid from intranet to honeypot based on eBPF XDP |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106161670A (en) * | 2016-06-02 | 2016-11-23 | 黄小勇 | Address conversion process method and address conversion processing unit |
| CN111526132A (en) * | 2020-04-08 | 2020-08-11 | 上海沪景信息科技有限公司 | Attack transfer method, device, equipment and computer readable storage medium |
| CN111556061A (en) * | 2020-04-29 | 2020-08-18 | 上海沪景信息科技有限公司 | Network disguising method, device, equipment and computer readable storage medium |
-
2021
- 2021-01-05 CN CN202110006985.9A patent/CN114285589A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106161670A (en) * | 2016-06-02 | 2016-11-23 | 黄小勇 | Address conversion process method and address conversion processing unit |
| CN111526132A (en) * | 2020-04-08 | 2020-08-11 | 上海沪景信息科技有限公司 | Attack transfer method, device, equipment and computer readable storage medium |
| CN111556061A (en) * | 2020-04-29 | 2020-08-18 | 上海沪景信息科技有限公司 | Network disguising method, device, equipment and computer readable storage medium |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115499241A (en) * | 2022-10-11 | 2022-12-20 | 中电云数智科技有限公司 | Method and system for draining fluid from intranet to honeypot based on eBPF XDP |
| CN115499241B (en) * | 2022-10-11 | 2024-02-13 | 中电云计算技术有限公司 | Method and system for draining XDP from intranet to honeypot based on eBPF |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101010465B1 (en) | Network security elements using endpoint resources | |
| CN111756712B (en) | Method for forging IP address and preventing attack based on virtual network equipment | |
| CN112769771A (en) | Network protection method, system and system architecture based on false topology generation | |
| CN110266650B (en) | Identification method of Conpot industrial control honeypot | |
| Tripathi et al. | Analysis of various ARP poisoning mitigation techniques: A comparison | |
| Hudaib et al. | DNS advanced attacks and analysis | |
| CN113765846A (en) | Intelligent detection and response method and device for network abnormal behavior and electronic equipment | |
| CN114244801B (en) | ARP spoofing prevention method and system based on government enterprise gateway | |
| Jeyanthi | Internet of things (IoT) as interconnection of threats (IoT) | |
| US11658995B1 (en) | Methods for dynamically mitigating network attacks and devices thereof | |
| Petrović et al. | Man-in-the-middle attack based on ARP spoofing in IoT educational platform | |
| CN114285589A (en) | Method, terminal and system for actively guiding attack flow and disguising response | |
| Prabadevi et al. | A framework to mitigate ARP sniffing attacks by cache poisoning | |
| Chen et al. | Preventing DRDoS attacks in 5G networks: a new source IP address validation approach | |
| CN105491179A (en) | Solution for coping with reflection amplification attacks of domain name system (DNS) server | |
| CN114465750B (en) | Network topology confusion virtual path creating method, device, terminal and system | |
| Kavisankar et al. | CNoA: Challenging Number Approach for uncovering TCP SYN flooding using SYN spoofing attack | |
| RU2680038C1 (en) | Method of computer networks protection | |
| Liu et al. | Study on attacking and defending techniques in IPv6 networks | |
| Winter | Measuring and circumventing Internet censorship | |
| Shue et al. | Packet forwarding with source verification | |
| Wu et al. | A three-layer defense mechanism based on web servers against distributed denial of service attacks | |
| Mohan et al. | Notice of Violation of IEEE Publication Principles: An Effective Defense against Distributed Denial of Service in Grid | |
| Guliyev | ARP attack in Kali linux for pentesting secure transmission of packets | |
| CN110768983B (en) | Message processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |